Report bugs for version 1.2.8 here

Enter AlegroCart Bugs Here, but if you're not certain, post in General support first.
User avatar
Brent
Site Admin
Posts: 4419
Joined: Sat Dec 12, 2009 3:35 pm
Location: Canada eh

Re: Report bugs for version 1.2.8 here

Post by Brent » Tue Aug 20, 2013 12:54 pm

That is not a bug, but a security measure. The form has a random key embeded that is created by the contoller. When the form is submitted, the controller compares the key returned to the one it created so ensure they match. This is implemented on many pages in admin to ensure cross site scripting is not possible. In the catalog side, it is only used in the customer account forms. As with most carts, the back button is not a good idea to use when submitting forms.

ds_robert
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Post by ds_robert » Wed Aug 21, 2013 1:30 am

Many thanks for the explanation Brent :-)

I know little about Internet security or Internet programming, but from the user viewpoint, if I entered valid details (no matter by what route) I would not expect to be given an error message - that would really p*$$ me off. To the ordinary user, this definitely comes across as a system malfunction.

Maybe something to look at in the future?

Having said all that, we have been extensively testing AlegroCart and its various functions and it is, by far, the best shopping cart package we have experience of. A great resource that is really appreciated :-)

User avatar
leo
admin
Posts: 4263
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Post by leo » Wed Aug 21, 2013 1:47 am

We have to have something against cross site scripting. An error message is much better than to be hacked.
FYI: http://en.wikipedia.org/wiki/Cross-site_scripting

Anyway, the steps you have described seems to me very rare.
May be you could change the error message to something more digestible.

ds_robert
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Post by ds_robert » Wed Aug 21, 2013 1:58 am

Thanks for your comments Leo.

As I said, I know little about Internet security so fully accept your explanation. And fully agree that we would rather have this minor inconvenience than having our website or database hacked into. It is just that we are looking at the system from a user, rather than a programmer or techie, viewpoint.

And, yes, this is a rather obscure sequence of events, so we guess it will rarely, if ever, happen. We are doing some extensive testing and, if this is the worse we can come up with, it surely says something about the outstanding quality of the package!

Again, we would like to thank the AlegroCart team for such a great product :D

ds_robert
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Post by ds_robert » Tue Sep 10, 2013 2:24 am

On the create account webpage we are getting a description of "New Customer" in the "Returning Customer" box.

We have changed the
text_i_am_returning_customer
variable on the
catalog\language\english\controller\account_login.php
file, so it it not a problem for us. Just posting the details here in case anything in the source files needs to be updated.

User avatar
leo
admin
Posts: 4263
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Post by leo » Tue Sep 10, 2013 3:17 am

I don't know what's wrong there but originally that language file contains this line:

Code: Select all

$_['text_i_am_returning_customer'] = 'I am a returning customer.';

ds_robert
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Post by ds_robert » Tue Sep 10, 2013 4:12 am

Thanks for the reply Brent, I was just posting to let you know just in case. Perhaps I had corrupted the file here.

As a further thing which one of our customers has complained about, as they go through the checkout process, the have a selection screen for Payment Information. Since we are only using a single payment processor, the customer said it was rather pointless to show a selection screen when there was only one option. Is they a simple way of jumping this display if we continue using only one payment processor?

This is just a "nice to have" and not really a problem for us. We always get pernickety customers :roll:

User avatar
leo
admin
Posts: 4263
Joined: Sun Dec 13, 2009 8:27 am
Location: Hungary

Re: Report bugs for version 1.2.8 here

Post by leo » Tue Sep 10, 2013 6:30 am

My first thoughts:
The checkout_payment.php contains a lot of validation. It must be added/moved to the checkout_confirm.php (if it has been not done yet, so avoid duplicates).
The payment_method is stored in a session variable, this should be hard coded (what your customer uses).
Don't forget to modify the back and continue buttons accordingly.

ds_robert
Posts: 41
Joined: Fri Mar 01, 2013 5:26 am

Re: Report bugs for version 1.2.8 here

Post by ds_robert » Wed Sep 11, 2013 4:11 am

Many thanks for your feedback Leo.

gob33
Posts: 107
Joined: Wed Apr 07, 2010 3:10 pm

Re: Report bugs for version 1.2.8 here

Post by gob33 » Sat Oct 26, 2013 5:38 am

Description of bug inside shipping methods:

My shipping extension returns a well formated shipping method array, except there is no quote (empty) as that shipping method is not possible for the customer country:

Code: Select all

array
  'id' => string 'colissimo' (length=9)
  'title' => string 'Colissimo&nbsp;<img src="image/shipping/shipping_colissimo_inter.gif" alt="" />' (length=79)
  'quote' => 
    array
      empty
  'tax_class_id' => string '0' (length=1)
  'sort_order' => string '0' (length=1)
  'error' => string 'Pas d'expédition Colissimo disponible vers ce pays.' (length=52)
In that case, it breaks because 'quote' is empty:

Code: Select all

Notice: Undefined index: in ALEGROCART-1.2.8\upload\catalog\template\default\content\checkout_shipping.tpl on line 66
Line 66 is:

Code: Select all

		<?php if($method['quote'][key($method['quote'])]['id'] == $default){?>
		<table class="default_method">
		<?php } else {?>
		<table class="method">
		<?php }?>
No control in the if() on array keys.
Compare with OpenCart 0.7.7 to see these lines have been added there i dont know why ?
Last edited by gob33 on Sun Oct 27, 2013 11:15 am, edited 1 time in total.

Locked